Hmmm, you are using a Gmail.com email address...

Google has declared war on the independent media and has begun blocking emails from NaturalNews from getting to our readers. We recommend GoodGopher.com as a free, uncensored email receiving service, or ProtonMail.com as a free, encrypted email send and receive service.

(Natural News)
A newly discovered flaw in chips powering wireless devices from a number of popular brands has left over a billion people vulnerable to hacking. Researchers working for the Slovakia-based internet security company ESET discovered a flaw that can allow hackers to steal data from people using these devices.

ESET researchers have officially tagged the flaw as CVE-2019-1526, but have also given it the nickname “Kr00k.” The flaw, which affects devices using Wi-Fi chips made by Cypress and Broadcom, causes vulnerable devices to use an all-zero encryption key. With this, hackers can easily read data being sent from these devices.

Hacking with an all-zero encryption key

To communicate, wireless chips send data out in chunks called packets. To keep hackers from being able to read what’s in these chunks, wireless chips will encrypt them using an encryption key, which is a string of 80 to 128 ones and zeroes that only the sending and receiving chips are supposed to know. With this encryption key, anyone intercepting these packets will not be able to read their contents.

An all-zero encryption key, on the other hand, consists entirely of zeroes. As such, anyone who intercepts these packets can easily read them. It doesn’t matter how strong the encryption is, all a hacker needs to do is enter a string of zeroes as the encryption key and they’ll be able to access the data.

The Kr00k vulnerability affects more than just one protocol. According to the researchers, the vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption. Originally developed to replace the less secure WEP (Wireless Encryption Protocol) standard, WPA2 is supposed to offer government grade security by implementing encryption standards specified by the National Institute of Standards and Technology.

Despite this, a number of WPA2 vulnerabilities have been found. In 2017, Mathy Vanhoef discovered one of the most well-known of these, called KRACK (Key Reinstallation Attacks). According to the ESET team, Kr00k is actually related to the KRACK exploit.

Devices from popular brands potentially affected

Due to the popularity of the chips, the Kr00k exploit affects a wide range of devices. According to the researchers, a number of Wi-Fi access points by Asus and Huawei were particularly vulnerable.

More concerning, however, is the number of consumer devices that are vulnerable to Kr00k. A number of popular devices from tech giants such as Amazon (Echo, Kindle), Apple (iPad, iPhone, MacBook), Google (Nexus), Samsung (Galaxy) and Xiaomi (RedMi) are vulnerable to the exploit. Also vulnerable is the Raspberry Pi 3, the popular single-board computer used by many hobbyists and students. Furthermore, the researchers admitted that they weren’t able to test a number of devices from other vendors that use the affected chips from Broadcom and Cypress, and that these could also be vulnerable.

To help address the flaw, the researchers have informed Broadcom and Cypress about the vulnerabilities. These manufacturers have since released updates for the vulnerable chips. The researchers also worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to make sure that all parties affected were aware of the Kr00k exploit.

How to defend against Kr00k

The wide reach of Kr00k is a major cause for concern. With popular devices such as the Amazon Echo and Apple iPhone potentially affected, any hacker who’s aware of the exploit can use it to steal information that users send over Wi-Fi, including messages, photos and passwords.

Now, the researchers state that most companies should already have a patch out that addresses the Kr00k vulnerability. According to them, simply downloading the latest updates should take care of the vulnerability. That is, if the companies actually did address Kr00k in the patch.

Find out everything you need to know about clean and healthy living when you sign up for our free email newsletter. Receive health tips, natural remedies, exclusive in-depth reports on superfoods, toxins, and more – what the mainstream media doesn't want you to know!

"Big Tech and mainstream media are constantly trying to silence the independent voices that dare to bring you the truth about toxic food ingredients, dangerous medications and the failed, fraudulent science of the profit-driven medical establishment.

Email is one of the best ways to make sure you stay informed, without the censorship of the tech giants (Google, Apple, Facebook, Twitter, YouTube, etc.). Stay informed and you'll even likely learn information that may help save your own life."